Kind of makes the whole certification thing a little pointless. I'm in the process of hiring a cybersec team, and I don't care about certification, just attitude, experience, and "cyber curiosity".

I'm not a big fan of certs.

That said, there are some baseline certs - CISSP comes to mind. There are also some legit advanced certs - CCIE, EnCE, and several of the GIAC certs. Attitude only goes so far when people don't know what to look for during incident response or don't know anything about standards.

Most job candidates in the field are disappointing at best regardless of their degrees, certs, or experience. Interviewed one a month ago that had 10 years' experience in the field, all sorts of certs and couldn't describe what a Windows service actually does. Sigh.

In my recent experience, I've found the more experience / certs a candidate has, the more arrogant and demanding they are. I'm hoping that's not the case everywhere, but is another reason why I favour attitude over certs.

__________________
"Amateurs train until they get it right. Professionals train until they can't get it wrong." - Unknown

No argument from me on that, but for a lot of folks outside the industry trying to break in, you typically start somewhere.

Your point about proliferation of training is one of the key components of the 'critical skills gap'.

Folks inside the industry know what skills and certs have value, and don't necessarily need the training, unless they know a job they want requires something they don't have - the cert just unlocks the interview process.

To your point about arrogance, what we are seeing in any 'digital transformation' industry (Cyber, Big Data, AI, Digital Marketing etc) is that the majority of the 10+ year talent started OJT and are behaving as incumbents, because most employers hire for a skill or cert to meet a need and do not have bandwidth or expertise to train in house.

This makes the older incumbent workforce able to bend folks over on cost.

My personal belief is that this is still echoes of DotCom 1.0, where the long term relationship of employee with same company for entire career was broken.

The talent got pissed it was hung out to dry, got used to being 1099 contract help, and the model that broke professional development from career entry in these areas was born.

I think absolutely the best strategy is to hire for culture fit and soft skill (i.e. security mindset vs technical mindset - understanding of human behavior vs technical competence etc) assuming you have strong in house training culture.

For the individual trying to break in to the industry, it almost makes more sense to get hired as a peon janitor in one of the bigger companies and milk the shit out of hallway and cooler talk conversations to understand what sort of training to pursue, and then either hire into a role at that company after completing the training, or complete the training and hire into entry level at a competitor.

This would be if you did not have access to a program like the one in this thread, that would have a vested interest in placing you after completion in training.

These sorts of pipelines are scattered all over the place in industry and if they don't result in placement, they result in good market awareness and face-to-face networking.

If I were hiring in this space, I would design something similar, a 40 hour course of instruction that was either A) based on an existing skill pre req or B) was the vetting process and skill confirmation for a role I had and advertise it to my target persona (in this case veterans with existing networking skills) and put a networking offer on the end of it. Tell a few other companies you are going to have a mixer with vetted potential new hires and you have a program.

Yeah you would lose a week of one SME's man hours, but if you got 5-10 solid participants you would get a real strong look at them and assessment of their abilities.

You could run it as a night school for 2-3 hours a night, and not interfere with normal job hours to make it accessible.

As for the Norwich program the Army waited until the last minute so the program has been delayed from June until September for first classes. Apparently the funds could not be sent to the school fast enough. From what I gleaned from the non-bcc email list old dude sent out Norwich has 50+ participants. Assuming Norwich is not giving Uncle Sugar a discount that is half a million ducats.

Spot on. I finished my MA in History there almost two years ago. Kicked my ass. Lots of reading, analyzing, and writing. I know nothing about the cyber program there, but if it's anything like the history program it's top notch. I do know that the cyber program at Norwich is a Center of Excellence for the NSA and DHS, so that should count for something. I think Chemical Cookie also went there and may be able to chime in.

IMO, a free graduate certificate from a nationally recognized program has to be worth the cost.

Sorry gents (and ladies). Been knee deep with life. Haven't been on in ages.

But yes, I did my bachelor's and first Masters at Norwich.

When I first started the MDY, I went to an alumni dinner and had the chance to speak with President Schneider. It was around that time he began speaking about the hurdles he faced setting up the cyber program and partnerships they had established with the IC. Said he was going all in to make it happen and had a great pathway forward. Looks like that turned out to be true.

If the certificate is anything like their degree programs, um, just hold on tight.

If you decide to work in the DC area, the Norwich brand will carry just as strong of a name as the Service Academies. Norwich has great and strong military heritage. In fact, it's the oldest private military college in the country.

Finishing up the first class in the Graduate Certificate (2 classes) this next week. All the scholarship stuff was behind the scenes and well handled. They even included a 1250 dollar stipend for a laptop. The class is very professional. Not too onerous, maybe 4-8 hours a week. The instructor is an industry expert. So all in all I would recommend.

Thanks for the update. Are you already working in the field you're studying?

In my recent experience, I've found the more experience / certs a candidate has, the more arrogant and demanding they are. I'm hoping that's not the case everywhere, but is another reason why I favour attitude over certs.

On Thursday, I interviewed a candidate with a Masters in Cyber and a dual focus in development/operating systems.

I stumped the professor by simply asking him to explain how services are different from processes. He had no answer at all. Zero. The interview went downhill from there. He told me that he'd done "malware reversing" which by his definition was apparently some mix of VirusTotal, an online sandbox, and the application of some YARA rules. Of course, the candidate couldn't give any context around the YARA rules he used or, in general, how YARA rules work.

This is my second interview with a Masters level graduate that went essentially the same way.

Thanks for the update. Are you already working in the field you're studying?

Yes, I work at the Army Cyber School as an instructor, although I stick to leadership and planning. No keyboard work for me. I’ll bite on this certificate discussion. Broadly there are two kinds, the PMP or Sec+ type that you generally self study for and many people can get through by being good test takers, or by genuinely mastering the material. And the other, which this Norwich program is, which is part of a degree. In this case 1/3 of a degree. As this is higher education in America in 2018, as long as you pay your bill and turn in assignments on time you will pass and earn the cert and, if you like, the full degree. So both types of certs can be seen as useless. And there are some people who take the material seriously and master the material. So when you see it on a resume or someone mentions it as a qualification I suggest everyone see it from that wide range. Also remember that the top people in many fields are probably not answering your cold call for resumes in this economy, so yes, separating the wheat from the chaff is reality.

Ok, update on this program/opportunity. I finished the two classes for the Graduate Certificate. They were good classes, working professional instructors, good peer group of experts. I learned a lot. To add some icing to this cake they contacted me last week and mentioned there were some more funds and they are looking at funding the rest of the masters degree. So all in all good things. They even mentioned publishing one of my papers, which can be a wide range of "published," but it seems like a nice opportunity.